"stealth master" DNS Security

Chris Dew cmsdew at googlemail.com
Wed Mar 25 10:17:20 UTC 2009


You could use eCryptfs for the location of the zone data - it
would require a passphrase when BIND starts up on the slave - this
could cause trouble if the slave crashes.

In general there is NO way of having encrypted data on a machine AND
having the keys on that same machine AND making it 100% secure.

Regards,

Chris

http://www.finalcog.com


2009/3/25 Ram Akuka <ramakuka at gmail.com>
>
> Hi,
> I want to design a DNS system for a secure authoritative server.
> I’ll use one master server to store the zone data and use the zone
> transfer mechanism for the 2 public slave servers (which will be defined
> as masters on the internet). That way I’ll update and back up only
> one server.
> I am using TSIG for secure zone transfer, but I have a few questions.
> Is there any way I can encrypt the zone files on the slave server,
> so that no one can have access to the actual zone data besides the
> master server?
> (If, for example, someone hacks into the slave DNS, he won’t have the
> zone data.)
>
> Thanks in advance,
>
>
> --
> Ram
> _______________________________________________
> bind-users mailing list
> bind-users at lists.isc.org
> https://lists.isc.org/mailman/listinfo/bind-users
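
Added example, not part of the original thread or of BIND: a pre-start check for the crash case mentioned in the reply, where the slave comes back up before anyone has entered the eCryptfs passphrase and named would otherwise write transferred zones in plaintext to the bare mount-point directory. The path /var/named/slaves and the sample mount tables are constructed assumptions.

```shell
#!/bin/sh
# fs_type_for MOUNTS_FILE DIR
# Print the filesystem type of the mount containing DIR: the longest
# matching mount point wins, and a later entry overlays an earlier one.
fs_type_for() {
    awk -v dir="$2" '
        BEGIN { best = -1 }
        {
            mp = $2
            # mp contains dir if it is "/", equals dir, or is a prefix of
            # dir that ends on a path-component boundary.
            if (mp == "/" || mp == dir || index(dir, mp "/") == 1) {
                if (length(mp) >= best) { best = length(mp); type = $3 }
            }
        }
        END { print type }
    ' "$1"
}

# zone_dir_is_encrypted MOUNTS_FILE DIR: succeed only if DIR is on eCryptfs.
zone_dir_is_encrypted() {
    [ "$(fs_type_for "$1" "$2")" = "ecryptfs" ]
}

# Constructed samples in /proc/mounts format (paths are hypothetical).
AFTER_CRASH=$(mktemp)    # slave rebooted, passphrase not yet entered
UNLOCKED=$(mktemp)       # operator has mounted the eCryptfs layer
trap 'rm -f "$AFTER_CRASH" "$UNLOCKED"' EXIT
cat > "$AFTER_CRASH" <<'EOF'
/dev/sda1 / ext3 rw,relatime 0 0
proc /proc proc rw 0 0
EOF
cat "$AFTER_CRASH" > "$UNLOCKED"
cat >> "$UNLOCKED" <<'EOF'
/var/named/.slaves /var/named/slaves ecryptfs rw,relatime,ecryptfs_cipher=aes,ecryptfs_key_bytes=16 0 0
EOF

# On a real slave the check would read /proc/mounts before starting named.
for m in "$AFTER_CRASH" "$UNLOCKED"; do
    if zone_dir_is_encrypted "$m" /var/named/slaves; then
        echo "zone directory is on eCryptfs: safe to start named"
    else
        echo "zone directory is NOT encrypted: refusing to start named"
    fi
done
```

This only confirms that the encrypted layer is mounted; once it is, anyone with root on the slave reads the zone files in the clear, which is the limit the reply describes.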


